6b90bd4ba4
This patch allows to build the whole kernel with GCC plugins. It was ported from
grsecurity/PaX. The infrastructure supports building out-of-tree modules and
building in a separate directory. Cross-compilation is supported too.
Currently the x86, arm, arm64 and uml architectures enable plugins.
The directory of the gcc plugins is scripts/gcc-plugins. You can use a file or a directory
there. The plugins compile with these options:
* -fno-rtti: gcc is compiled with this option so the plugins must use it too
* -fno-exceptions: this is inherited from gcc too
* -fasynchronous-unwind-tables: this is inherited from gcc too
* -ggdb: it is useful for debugging a plugin (better backtrace on internal
errors)
* -Wno-narrowing: to suppress warnings from gcc headers (ipa-utils.h)
* -Wno-unused-variable: to suppress warnings from gcc headers (gcc_version
variable, plugin-version.h)
The infrastructure introduces a new Makefile target called gcc-plugins. It
supports all gcc versions from 4.5 to 6.0. The scripts/gcc-plugin.sh script
chooses the proper host compiler (gcc-4.7 can be built by either gcc or g++).
This script also checks the availability of the included headers in
scripts/gcc-plugins/gcc-common.h.
The gcc-common.h header contains frequently included headers for GCC plugins
and it has a compatibility layer for the supported gcc versions.
The gcc-generate-*-pass.h headers automatically generate the registration
structures for GIMPLE, SIMPLE_IPA, IPA and RTL passes.
Note that 'make clean' keeps the *.so files (only the distclean or mrproper
targets clean all) because they are needed for out-of-tree modules.
Based on work created by the PaX Team.
Signed-off-by: Emese Revfy <re.emese@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
51 lines
1.8 KiB
Makefile
51 lines
1.8 KiB
Makefile
###
|
|
# scripts contains sources for various helper programs used throughout
|
|
# the kernel for the build process.
|
|
# ---------------------------------------------------------------------------
|
|
# kallsyms: Find all symbols in vmlinux
|
|
# pnmttologo: Convert pnm files to logo files
|
|
# conmakehash: Create chartable
|
|
# conmakehash: Create arrays for initializing the kernel console tables
|
|
# docproc: Used in Documentation/DocBook
|
|
# check-lc_ctype: Used in Documentation/DocBook
|
|
|
|
HOST_EXTRACFLAGS += -I$(srctree)/tools/include
|
|
|
|
hostprogs-$(CONFIG_KALLSYMS) += kallsyms
|
|
hostprogs-$(CONFIG_LOGO) += pnmtologo
|
|
hostprogs-$(CONFIG_VT) += conmakehash
|
|
hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount
|
|
hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable
|
|
hostprogs-$(CONFIG_ASN1) += asn1_compiler
|
|
hostprogs-$(CONFIG_MODULE_SIG) += sign-file
|
|
hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
|
|
hostprogs-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
|
|
|
|
HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include
|
|
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
|
|
HOSTLOADLIBES_sign-file = -lcrypto
|
|
HOSTLOADLIBES_extract-cert = -lcrypto
|
|
|
|
always := $(hostprogs-y) $(hostprogs-m)
|
|
|
|
# The following hostprogs-y programs are only build on demand
|
|
hostprogs-y += unifdef docproc check-lc_ctype
|
|
|
|
# These targets are used internally to avoid "is up to date" messages
|
|
PHONY += build_unifdef build_docproc build_check-lc_ctype
|
|
build_unifdef: $(obj)/unifdef
|
|
@:
|
|
build_docproc: $(obj)/docproc
|
|
@:
|
|
build_check-lc_ctype: $(obj)/check-lc_ctype
|
|
@:
|
|
|
|
subdir-$(CONFIG_MODVERSIONS) += genksyms
|
|
subdir-y += mod
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
subdir-$(CONFIG_DTC) += dtc
|
|
subdir-$(CONFIG_GDB_SCRIPTS) += gdb
|
|
|
|
# Let clean descend into subdirs
|
|
subdir- += basic kconfig package gcc-plugins
|